tyiu/damus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nostrdb: nostrdb: calculate id in ndb_note_verify

Browse Source 
Rogue relays could in theory attack nostrdb by replaying ids and
signatures from other notes. This fixes this weakness by calculating the
id again in ndb_note_verify.

There is no known relays exploiting this, but lets get ahead of it
before we switch to the outbox model in damus iOS/notedeck

Signed-off-by: William Casarin <jb55@jb55.com>
This commit is contained in:
William Casarin
2025-06-24 10:21:22 -07:00
committed by Daniel D’Aquino
parent 3a37a6c18e
commit fa2d240ddf
2 changed files with 47 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nostrdb/src/nostrdb.h
View File

@@ -493,11 +493,11 @@ void ndb_config_set_subscription_callback(struct ndb_config *config, ndb_sub_fn
void ndb_config_set_writer_scratch_buffer_size(struct ndb_config *config, int scratch_size);
// HELPERS
int ndb_calculate_id(struct ndb_note *note, unsigned char *buf, int buflen);
int ndb_calculate_id(struct ndb_note *note, unsigned char *buf, int buflen, unsigned char *id);
int ndb_sign_id(struct ndb_keypair *keypair, unsigned char id[32], unsigned char sig[64]);
int ndb_create_keypair(struct ndb_keypair *key);
int ndb_decode_key(const char *secstr, struct ndb_keypair *keypair);
int ndb_note_verify(void *secp_ctx, unsigned char pubkey[32], unsigned char id[32], unsigned char signature[64]);
int ndb_note_verify(void *secp_ctx, unsigned char *scratch, size_t scratch_size, struct ndb_note *note);
// NDB
int ndb_init(struct ndb **ndb, const char *dbdir, const struct ndb_config *);